
Four Best Practices for a Clean Mobile Security Policy

In all the years since the Palm Pilot first popularized the personal digital assistant (PDA) category, the biggest threat to PDAs remains the same—the washing machine. No amount of training or cajoling of users has reduced the risk of the spin cycle to your users' mobile information assets. And while you may not be able to inspect your users' pockets before the laundry room drowns and cooks their precious handhelds, there are simple but vital steps you can take to reduce the security risk associated with PDAs:

  1. Establish an acceptable use policy (AUP)—as part of any AUP, you should require that users password protect their mobile devices as a first line of information security. But according to the 2004 Mobile Vulnerability Survey that polled corporate IT managers, only one-third of mobile device users utilize password protection. Yet PDAs have now become one of the primary communications tools for corporations, serving as platforms for email, applications, and even phone calls. So establishing mandatory PDA password protection as well as explicitly defining tolerable mobile device behavior is critical. And then training your users on the policy—even if they own the PDAs themselves—is a must before you even allow them onto your network.
  2. Encrypt the data—short of the washing machine, the most common security breach is device loss. Your executives may not travel in taxis with confidential papers strewn everywhere, but they will show such carelessness with their PDAs. With the risk of losing devices, using password or token-protected encryption software for host devices is a necessity.
  3. Use a firewall and VPN—today's handhelds connect to your network using wireless LANs. Since these gadgets exist in what are at best semi-trusted environments—which, really, should be considered hostile environments—they need the same security precautions as laptops that connect remotely. In other words, PDAs should include centrally managed personal firewalls, and wireless data should be encrypted using a Virtual Private Network that accommodates mobile devices.
  4. Stop the viruses—the PDA industry experienced its first virus in the year 2000. And ever since then, though PDAs have not proved as popular an attack vector as laptops and desktops running Windows, PDAs running non-Microsoft operating systems have seen their share of destructive viruses. But with the major antivirus vendors now supporting mobile platforms, it is just common sense to get ahead of the virus curve by installing and running antivirus products on your mobile devices.

In the end, your major threats remain the same—forgotten PDAs in the dirty clothes or unintentionally abandoned devices in cabs. However, if you follow the simple, effective steps outlined earlier, you can severely limit your security exposure to the mayhem of mobility.